On Oct 26, 2011, at 12:39 PM, Yaron Sheffer wrote: > There is a common use case where we don't worry about malicious spokes, i.e. > where they are all trusted.
Exactly right. The fact that the hub trusts a spoke is all that a different spoke needs to know for many (most?) common cases. Having said that, it would be great of the authors of the document could come up with some terminology to differentiate "spoke trust hub to introduce to other spokes directly" and "spoke trusts hub to introduce to other spokes, possibly through indirection through other hubs". --Paul Hoffman _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
